Changeset 196283 in webkit


Ignore:
Timestamp:
Feb 8, 2016 5:26:56 PM (8 years ago)
Author:
dbates@webkit.org
Message:

CSP connect-src directive should block redirects
https://bugs.webkit.org/show_bug.cgi?id=69359
<rdar://problem/24383025>

Reviewed by Brent Fulgham.

Source/WebCore:

Inspired by Blink patch:
<https://src.chromium.org/viewvc/blink?revision=150246&view=revision>

Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
<https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).

Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
then we do not try to load URLs j >= i.

Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html

http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html

  • fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.

  • inspector/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
with the Web Inspector.

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
and pass it through to DocumentThreadableLoader::create().
(WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
to DocumentThreadableLoader::DocumentThreadableLoader().
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
that is not allowed by the CSP. The caller should not create a loader for such a request.
(WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
then notify the client that the redirect check failed.
(WebCore::DocumentThreadableLoader::loadRequest): Ditto.
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
by the enforced CSP directive.
(WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.

  • loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()

that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.

  • loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
(WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.

  • loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the

directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
only WorkerGlobalScope.importScripts() enforces a different directive: script-src.

  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
to the DocumentThreadableLoader.

  • loader/WorkerThreadableLoader.h:
  • page/EventSource.cpp:

(WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.

  • workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
instead of querying for it directly.

  • workers/AbstractWorker.h:
  • workers/Worker.cpp:

(WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
of the worker's script URL.

  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
Enforce the CSP directive script-src on redirects unless we are running in an isolated world.

  • workers/WorkerScriptLoader.cpp:

(WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
(WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.

  • workers/WorkerScriptLoader.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
an isolated world.

LayoutTests:

Add more tests, update erroneous expected results, and remove some entries from TestExpectations for tests
that now pass.

  • TestExpectations: Remove entries for tests that now pass. The failure of test http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html

was erroneously attributed to <https://bugs.webkit.org/show_bug.cgi?id=153562>.

  • http/tests/security/contentSecurityPolicy/resources/determine-content-security-policy-header.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/script-set-value.js: Use global variable self instead of window so as to

make this script work both from a Document and a Web Worker. In a document, self refers to the Window object and in a worker
it refers to the WorkerGlobalScope object.

  • http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.php: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt: Remove Blink-specific messages so that the test passes.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt: Substitute Blink-specific error text with the analogous WebKit error text.
  • http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html: Ditto.
  • http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScripts-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScript-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html: Added.
Location:
trunk
Files:
30 added
23 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r196274 r196283  
     12016-02-08  Daniel Bates  <dabates@apple.com>
     2
     3        CSP connect-src directive should block redirects
     4        https://bugs.webkit.org/show_bug.cgi?id=69359
     5        <rdar://problem/24383025>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Add more tests, update erroneous expected results, and remove some entries from TestExpectations for tests
     10        that now pass.
     11
     12        * TestExpectations: Remove entries for tests that now pass. The failure of test http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html
     13        was erroneously attributed to <https://bugs.webkit.org/show_bug.cgi?id=153562>.
     14        * http/tests/security/contentSecurityPolicy/resources/determine-content-security-policy-header.php: Added.
     15        * http/tests/security/contentSecurityPolicy/resources/script-set-value.js: Use global variable self instead of window so as to
     16        make this script work both from a Document and a Web Worker. In a document, self refers to the Window object and in a worker
     17        it refers to the WorkerGlobalScope object.
     18        * http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.php: Added.
     19        * http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.php: Added.
     20        * http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.php: Added.
     21        * http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.php: Added.
     22        * http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.php: Added.
     23        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt: Remove Blink-specific messages so that the test passes.
     24        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports-expected.txt: Added.
     25        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html: Added.
     26        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
     27        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html: Added.
     28        * http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin-expected.txt: Added.
     29        * http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html: Added.
     30        * http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
     31        * http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html: Added.
     32        * http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
     33        * http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html: Added.
     34        * http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt: Substitute Blink-specific error text with the analogous WebKit error text.
     35        * http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html: Ditto.
     36        * http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
     37        * http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html: Added.
     38        * http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect-expected.txt: Added.
     39        * http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html: Added.
     40        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin-expected.txt: Added.
     41        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html: Added.
     42        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScripts-redirect-cross-origin-expected.txt: Added.
     43        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScript-redirect-cross-origin-expected.txt: Added.
     44        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin-expected.txt: Added.
     45        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html: Added.
     46        * http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-expected.txt: Added.
     47        * http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin-expected.txt: Added.
     48        * http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html: Added.
     49        * http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html: Added.
     50
    1512016-02-08  Yusuke Suzuki  <utatane.tea@gmail.com>
    252
  • trunk/LayoutTests/TestExpectations

    r196268 r196283  
    793793
    794794# Content Security Policy failures
    795 webkit.org/b/69359 http/tests/security/contentSecurityPolicy/connect-src-eventsource-redirect-to-blocked.html [ Failure ]
    796 webkit.org/b/69359 http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked.html [ Failure ]
    797 webkit.org/b/69359 http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp.html [ Failure ]
    798795webkit.org/b/111869 http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html
    799796webkit.org/b/115700 http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta.html [ Failure ]
     
    834831webkit.org/b/153168 http/tests/security/contentSecurityPolicy/source-list-parsing-07.html [ Failure ]
    835832webkit.org/b/153170 http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html [ Failure ]
    836 webkit.org/b/153562 http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html [ Failure ]
    837833webkit.org/b/153562 http/tests/security/contentSecurityPolicy/worker-script-src.html [ Failure ]
    838834http/tests/security/contentSecurityPolicy/script-src-blocked-error-event.html [ Pass Failure ]
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/script-set-value.js

    r195367 r196283  
    1 window.result = true;
     1self.result = true;
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt

    r195367 r196283  
    11CONSOLE MESSAGE: Refused to load the script 'http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' http://127.0.0.1:8000".
    22
    3 This is a testharness.js-based test.
     3
    44PASS Blob worker inherits CSP
    5 Harness: the test ran to completion.
    65
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt

    r195367 r196283  
    11CONSOLE MESSAGE: Refused to load the script 'http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-inline' 127.0.0.1:8000".
    22
    3 PASS result is "importScripts blocked: NetworkError: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js' failed to load."
     3PASS result is "importScripts blocked: Error: NetworkError: DOM Exception 19"
    44PASS successfullyParsed is true
    55
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html

    r195367 r196283  
    1616        worker.onmessage = function (event) {
    1717            result = event.data;
    18             shouldBeEqualToString('result', 'importScripts blocked: NetworkError: Failed to execute \'importScripts\' on \'WorkerGlobalScope\': The script at \'http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js\' failed to load.');
     18            shouldBeEqualToString('result', 'importScripts blocked: Error: NetworkError: DOM Exception 19');
    1919            finishJSTest();
    2020        };
  • trunk/Source/WebCore/ChangeLog

    r196282 r196283  
     12016-02-08  Daniel Bates  <dabates@apple.com>
     2
     3        CSP connect-src directive should block redirects
     4        https://bugs.webkit.org/show_bug.cgi?id=69359
     5        <rdar://problem/24383025>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Inspired by Blink patch:
     10        <https://src.chromium.org/viewvc/blink?revision=150246&view=revision>
     11
     12        Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
     13        of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
     14        <https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).
     15
     16        Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
     17        the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
     18        then we do not try to load URLs j >= i.
     19
     20        Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
     21               http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
     22               http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
     23               http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
     24               http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
     25               http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
     26               http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
     27               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
     28               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
     29               http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
     30               http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html
     31
     32        * fileapi/FileReaderLoader.cpp:
     33        (WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
     34        * inspector/InspectorNetworkAgent.cpp:
     35        (WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
     36        with the Web Inspector.
     37        * loader/DocumentThreadableLoader.cpp:
     38        (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
     39        and pass it through to DocumentThreadableLoader::create().
     40        (WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
     41        to DocumentThreadableLoader::DocumentThreadableLoader().
     42        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
     43        Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
     44        that is not allowed by the CSP. The caller should not create a loader for such a request.
     45        (WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
     46        then notify the client that the redirect check failed.
     47        (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
     48        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
     49        by the enforced CSP directive.
     50        (WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
     51        DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
     52        * loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
     53        that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
     54        * loader/ThreadableLoader.cpp:
     55        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
     56        (WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
     57        * loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
     58        directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
     59        only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
     60        * loader/WorkerThreadableLoader.cpp:
     61        (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
     62        with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
     63        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
     64        to the DocumentThreadableLoader.
     65        * loader/WorkerThreadableLoader.h:
     66        * page/EventSource.cpp:
     67        (WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
     68        * workers/AbstractWorker.cpp:
     69        (WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
     70        instead of querying for it directly.
     71        * workers/AbstractWorker.h:
     72        * workers/Worker.cpp:
     73        (WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
     74        on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
     75        of the worker's script URL.
     76        * workers/WorkerGlobalScope.cpp:
     77        (WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
     78        Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
     79        * workers/WorkerScriptLoader.cpp:
     80        (WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
     81        (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
     82        * workers/WorkerScriptLoader.h:
     83        * xml/XMLHttpRequest.cpp:
     84        (WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
     85        an isolated world.
     86
    1872016-02-08  Antti Koivisto  <antti@apple.com>
    288
  • trunk/Source/WebCore/fileapi/FileReaderLoader.cpp

    r189485 r196283  
    9898    options.setAllowCredentials(AllowStoredCredentials);
    9999    options.crossOriginRequestPolicy = DenyCrossOriginRequests;
     100    options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
    100101
    101102    if (m_client)
  • trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp

    r194496 r196283  
    680680    options.setDefersLoadingPolicy(DefersLoadingPolicy::DisallowDefersLoading); // So the request is never deferred.
    681681    options.crossOriginRequestPolicy = AllowCrossOriginRequests;
     682    options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
    682683
    683684    // InspectorThreadableLoaderClient deletes itself when the load completes.
  • trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

    r195010 r196283  
    3636#include "CachedResourceRequest.h"
    3737#include "CachedResourceRequestInitiators.h"
     38#include "ContentSecurityPolicy.h"
    3839#include "CrossOriginAccessControl.h"
    3940#include "CrossOriginPreflightResultCache.h"
     
    5455namespace WebCore {
    5556
     57void DocumentThreadableLoader::loadResourceSynchronously(Document& document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy)
     58{
     59    // The loader will be deleted as soon as this function exits.
     60    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadSynchronously, request, options, WTFMove(contentSecurityPolicy)));
     61    ASSERT(loader->hasOneRef());
     62}
     63
    5664void DocumentThreadableLoader::loadResourceSynchronously(Document& document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options)
    5765{
    58     // The loader will be deleted as soon as this function exits.
    59     RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadSynchronously, request, options));
    60     ASSERT(loader->hasOneRef());
    61 }
    62 
    63 PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client, const ResourceRequest& request, const ThreadableLoaderOptions& options)
    64 {
    65     RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options));
     66    loadResourceSynchronously(document, request, client, options, nullptr);
     67}
     68
     69PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client, const ResourceRequest& request, const ThreadableLoaderOptions& options, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy)
     70{
     71    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options, WTFMove(contentSecurityPolicy)));
    6672    if (!loader->m_resource)
    6773        loader = nullptr;
     
    6975}
    7076
    71 DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient& client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options)
     77PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client, const ResourceRequest& request, const ThreadableLoaderOptions& options)
     78{
     79    return DocumentThreadableLoader::create(document, client, request, options, nullptr);
     80}
     81
     82DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient& client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy)
    7283    : m_client(&client)
    7384    , m_document(document)
     
    7687    , m_simpleRequest(true)
    7788    , m_async(blockingBehavior == LoadAsynchronously)
     89    , m_contentSecurityPolicy(WTFMove(contentSecurityPolicy))
    7890{
    7991    // Setting an outgoing referer is only supported in the async code path.
    8092    ASSERT(m_async || request.httpReferrer().isEmpty());
     93
     94    ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url()));
    8195
    8296    if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) {
     
    178192
    179193    Ref<DocumentThreadableLoader> protect(*this);
     194    if (!isAllowedByContentSecurityPolicy(request.url())) {
     195        m_client->didFailRedirectCheck();
     196        request = ResourceRequest();
     197        return;
     198    }
     199
    180200    // Allow same origin requests to continue after allowing clients to audit the redirect.
    181201    if (isAllowedRedirect(request.url()))
     
    407427    // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
    408428    // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
    409     if (requestURL != response.url() && !isAllowedRedirect(response.url())) {
     429    if (requestURL != response.url() && (!isAllowedByContentSecurityPolicy(response.url()) || !isAllowedRedirect(response.url()))) {
    410430        m_client->didFailRedirectCheck();
    411431        return;
     
    419439}
    420440
     441bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL& url)
     442{
     443    switch (m_options.contentSecurityPolicyEnforcement) {
     444    case ContentSecurityPolicyEnforcement::DoNotEnforce:
     445        return true;
     446    case ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective:
     447        return contentSecurityPolicy().allowConnectToSource(url, false); // Do not override policy
     448    case ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective:
     449        return contentSecurityPolicy().allowScriptFromSource(url, false); // Do not override policy
     450    }
     451    ASSERT_NOT_REACHED();
     452    return false;
     453}
     454
    421455bool DocumentThreadableLoader::isAllowedRedirect(const URL& url)
    422456{
     
    437471}
    438472
     473const ContentSecurityPolicy& DocumentThreadableLoader::contentSecurityPolicy() const
     474{
     475    if (m_contentSecurityPolicy)
     476        return *m_contentSecurityPolicy.get();
     477    ASSERT(m_document.contentSecurityPolicy());
     478    return *m_document.contentSecurityPolicy();
     479}
     480
    439481} // namespace WebCore
  • trunk/Source/WebCore/loader/DocumentThreadableLoader.h

    r194419 r196283  
    3434#include "CachedRawResourceClient.h"
    3535#include "CachedResourceHandle.h"
    36 #include "FrameLoaderTypes.h"
    3736#include "ThreadableLoader.h"
    38 #include <wtf/Forward.h>
    3937#include <wtf/PassRefPtr.h>
    4038#include <wtf/RefCounted.h>
    41 #include <wtf/RefPtr.h>
    42 #include <wtf/text/WTFString.h>
    4339
    4440namespace WebCore {
    4541    class CachedRawResource;
     42    class ContentSecurityPolicy;
    4643    class Document;
    4744    class URL;
     
    5350        WTF_MAKE_FAST_ALLOCATED;
    5451    public:
     52        static void loadResourceSynchronously(Document&, const ResourceRequest&, ThreadableLoaderClient&, const ThreadableLoaderOptions&, std::unique_ptr<ContentSecurityPolicy>&&);
    5553        static void loadResourceSynchronously(Document&, const ResourceRequest&, ThreadableLoaderClient&, const ThreadableLoaderOptions&);
     54
     55        static PassRefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, const ResourceRequest&, const ThreadableLoaderOptions&, std::unique_ptr<ContentSecurityPolicy>&&);
    5656        static PassRefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, const ResourceRequest&, const ThreadableLoaderOptions&);
     57
    5758        virtual ~DocumentThreadableLoader();
    5859
     
    7374        };
    7475
    75         DocumentThreadableLoader(Document&, ThreadableLoaderClient&, BlockingBehavior, const ResourceRequest&, const ThreadableLoaderOptions&);
     76        DocumentThreadableLoader(Document&, ThreadableLoaderClient&, BlockingBehavior, const ResourceRequest&, const ThreadableLoaderOptions&, std::unique_ptr<ContentSecurityPolicy>&&);
    7677
    7778        void clearResource();
     
    9697        void loadRequest(const ResourceRequest&, SecurityCheckPolicy);
    9798        bool isAllowedRedirect(const URL&);
     99        bool isAllowedByContentSecurityPolicy(const URL&);
    98100
    99101        bool isXMLHttpRequest() const override final;
    100102
    101103        SecurityOrigin* securityOrigin() const;
     104        const ContentSecurityPolicy& contentSecurityPolicy() const;
    102105
    103106        CachedResourceHandle<CachedRawResource> m_resource;
     
    109112        bool m_async;
    110113        std::unique_ptr<ResourceRequest> m_actualRequest; // non-null during Access Control preflight checks
     114        std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
    111115    };
    112116
  • trunk/Source/WebCore/loader/ThreadableLoader.cpp

    r194496 r196283  
    5252}
    5353
    54 ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, CrossOriginRequestPolicy crossOriginRequestPolicy, RefPtr<SecurityOrigin>&& securityOrigin, String&& initiator)
     54ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, CrossOriginRequestPolicy crossOriginRequestPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, RefPtr<SecurityOrigin>&& securityOrigin, String&& initiator)
    5555    : ResourceLoaderOptions(baseOptions)
    5656    , preflightPolicy(preflightPolicy)
    5757    , crossOriginRequestPolicy(crossOriginRequestPolicy)
     58    , contentSecurityPolicyEnforcement(contentSecurityPolicyEnforcement)
    5859    , securityOrigin(WTFMove(securityOrigin))
    5960    , initiator(WTFMove(initiator))
     
    6667    if (securityOrigin)
    6768        securityOriginCopy = securityOrigin->isolatedCopy();
    68     return std::make_unique<ThreadableLoaderOptions>(*this, preflightPolicy, crossOriginRequestPolicy,
    69         WTFMove(securityOriginCopy), initiator.isolatedCopy());
     69    return std::make_unique<ThreadableLoaderOptions>(*this, preflightPolicy, crossOriginRequestPolicy, contentSecurityPolicyEnforcement, WTFMove(securityOriginCopy), initiator.isolatedCopy());
    7070}
    7171
  • trunk/Source/WebCore/loader/ThreadableLoader.h

    r186592 r196283  
    6060    };
    6161
     62    enum class ContentSecurityPolicyEnforcement {
     63        DoNotEnforce,
     64        EnforceConnectSrcDirective,
     65        EnforceScriptSrcDirective,
     66    };
     67
    6268    struct ThreadableLoaderOptions : ResourceLoaderOptions {
    6369        ThreadableLoaderOptions();
    64         ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, CrossOriginRequestPolicy, RefPtr<SecurityOrigin>&&, String&& initiator);
     70        ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, CrossOriginRequestPolicy, ContentSecurityPolicyEnforcement, RefPtr<SecurityOrigin>&&, String&& initiator);
    6571        ~ThreadableLoaderOptions();
    6672
     
    6975        PreflightPolicy preflightPolicy; // If AccessControl is used, how to determine if a preflight is needed.
    7076        CrossOriginRequestPolicy crossOriginRequestPolicy;
     77        ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement { ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective };
    7178        RefPtr<SecurityOrigin> securityOrigin;
    7279        String initiator; // This cannot be an AtomicString, as isolatedCopy() wouldn't create an object that's safe for passing to another thread.
  • trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp

    r194419 r196283  
    3232#include "WorkerThreadableLoader.h"
    3333
     34#include "ContentSecurityPolicy.h"
    3435#include "Document.h"
    3536#include "DocumentThreadableLoader.h"
     
    5253    : m_workerGlobalScope(workerGlobalScope)
    5354    , m_workerClientWrapper(ThreadableLoaderClientWrapper::create(client))
    54     , m_bridge(*(new MainThreadBridge(m_workerClientWrapper, m_workerGlobalScope->thread().workerLoaderProxy(), taskMode, request, options, workerGlobalScope->url().strippedForUseAsReferrer())))
     55    , m_bridge(*(new MainThreadBridge(m_workerClientWrapper, workerGlobalScope->thread().workerLoaderProxy(), taskMode, request, options, workerGlobalScope->url().strippedForUseAsReferrer(), workerGlobalScope->securityOrigin(), workerGlobalScope->contentSecurityPolicy())))
    5556{
    5657}
     
    8485
    8586WorkerThreadableLoader::MainThreadBridge::MainThreadBridge(PassRefPtr<ThreadableLoaderClientWrapper> workerClientWrapper, WorkerLoaderProxy& loaderProxy, const String& taskMode,
    86                                                            const ResourceRequest& request, const ThreadableLoaderOptions& options, const String& outgoingReferrer)
     87    const ResourceRequest& request, const ThreadableLoaderOptions& options, const String& outgoingReferrer,
     88    const SecurityOrigin* securityOrigin, const ContentSecurityPolicy* contentSecurityPolicy)
    8789    : m_workerClientWrapper(workerClientWrapper)
    8890    , m_loaderProxy(loaderProxy)
     
    9395    auto* requestData = request.copyData().release();
    9496    auto* optionsCopy = options.isolatedCopy().release();
     97
     98    ASSERT(securityOrigin);
     99    ASSERT(contentSecurityPolicy);
     100    auto* contentSecurityPolicyCopy = std::make_unique<ContentSecurityPolicy>(*securityOrigin).release();
     101    contentSecurityPolicyCopy->copyStateFrom(contentSecurityPolicy);
     102
    95103    StringCapture capturedOutgoingReferrer(outgoingReferrer);
    96     m_loaderProxy.postTaskToLoader([this, requestData, optionsCopy, capturedOutgoingReferrer](ScriptExecutionContext& context) {
     104    m_loaderProxy.postTaskToLoader([this, requestData, optionsCopy, contentSecurityPolicyCopy, capturedOutgoingReferrer](ScriptExecutionContext& context) {
    97105        ASSERT(isMainThread());
    98106        Document& document = downcast<Document>(context);
     
    106114        // will return a 0 value. Either this should return 0 or the other code path should do a callback with
    107115        // a failure.
    108         m_mainThreadLoader = DocumentThreadableLoader::create(document, *this, *request, *options);
     116        m_mainThreadLoader = DocumentThreadableLoader::create(document, *this, *request, *options, std::unique_ptr<ContentSecurityPolicy>(contentSecurityPolicyCopy));
    109117        ASSERT(m_mainThreadLoader);
    110118    });
  • trunk/Source/WebCore/loader/WorkerThreadableLoader.h

    r177733 r196283  
    4444namespace WebCore {
    4545
     46    class ContentSecurityPolicy;
    4647    class ResourceError;
    4748    class ResourceRequest;
     
    9596        public:
    9697            // All executed on the worker context's thread.
    97             MainThreadBridge(PassRefPtr<ThreadableLoaderClientWrapper>, WorkerLoaderProxy&, const String& taskMode, const ResourceRequest&, const ThreadableLoaderOptions&, const String& outgoingReferrer);
     98            MainThreadBridge(PassRefPtr<ThreadableLoaderClientWrapper>, WorkerLoaderProxy&, const String& taskMode, const ResourceRequest&, const ThreadableLoaderOptions&, const String& outgoingReferrer, const SecurityOrigin*, const ContentSecurityPolicy*);
    9899            void cancel();
    99100            void destroy();
  • trunk/Source/WebCore/page/EventSource.cpp

    r196242 r196283  
    130130    options.setDataBufferingPolicy(DoNotBufferData);
    131131    options.securityOrigin = origin;
     132    options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
    132133
    133134    m_loader = ThreadableLoader::create(scriptExecutionContext(), this, request, options);
  • trunk/Source/WebCore/workers/AbstractWorker.cpp

    r196242 r196283  
    4444}
    4545
    46 URL AbstractWorker::resolveURL(const String& url, ExceptionCode& ec)
     46URL AbstractWorker::resolveURL(const String& url, bool shouldBypassMainWorldContentSecurityPolicy, ExceptionCode& ec)
    4747{
    4848    if (url.isEmpty()) {
     
    6666    // See <https://bugs.webkit.org/show_bug.cgi?id=153562>.
    6767    ASSERT(scriptExecutionContext()->contentSecurityPolicy());
    68     if (!scriptExecutionContext()->contentSecurityPolicy()->allowScriptFromSource(scriptURL, scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy())) {
     68    if (!scriptExecutionContext()->contentSecurityPolicy()->allowScriptFromSource(scriptURL, shouldBypassMainWorldContentSecurityPolicy)) {
    6969        ec = SECURITY_ERR;
    7070        return URL();
  • trunk/Source/WebCore/workers/AbstractWorker.h

    r181169 r196283  
    5555
    5656        // Helper function that converts a URL to an absolute URL and checks the result for validity.
    57         URL resolveURL(const String& url, ExceptionCode& ec);
     57        URL resolveURL(const String& url, bool shouldBypassMainWorldContentSecurityPolicy, ExceptionCode&);
    5858        intptr_t asID() const { return reinterpret_cast<intptr_t>(this); }
    5959
  • trunk/Source/WebCore/workers/Worker.cpp

    r196242 r196283  
    8484    worker->suspendIfNeeded();
    8585
    86     URL scriptURL = worker->resolveURL(url, ec);
     86    bool shouldBypassMainWorldContentSecurityPolicy = context.shouldBypassMainWorldContentSecurityPolicy();
     87    URL scriptURL = worker->resolveURL(url, shouldBypassMainWorldContentSecurityPolicy, ec);
    8788    if (scriptURL.isEmpty())
    8889        return nullptr;
    8990
    90     worker->m_shouldBypassMainWorldContentSecurityPolicy = context.shouldBypassMainWorldContentSecurityPolicy();
     91    worker->m_shouldBypassMainWorldContentSecurityPolicy = shouldBypassMainWorldContentSecurityPolicy;
    9192
    9293    // The worker context does not exist while loading, so we must ensure that the worker object is not collected, nor are its event listeners.
     
    9495
    9596    worker->m_scriptLoader = WorkerScriptLoader::create();
    96     worker->m_scriptLoader->loadAsynchronously(&context, scriptURL, DenyCrossOriginRequests, worker.ptr());
    97 
     97    // FIXME: Enforce Content Security Policy child-src directive when shouldBypassMainWorldContentSecurityPolicy is false. See <https://bugs.webkit.org/show_bug.cgi?id=153562>.
     98    worker->m_scriptLoader->loadAsynchronously(&context, scriptURL, DenyCrossOriginRequests, ContentSecurityPolicyEnforcement::DoNotEnforce, worker.ptr());
    9899    return WTFMove(worker);
    99100}
  • trunk/Source/WebCore/workers/WorkerGlobalScope.cpp

    r196242 r196283  
    184184
    185185    for (auto& url : completedURLs) {
     186        // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
     187        bool shouldBypassMainWorldContentSecurityPolicy = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy();
     188        if (!scriptExecutionContext()->contentSecurityPolicy()->allowScriptFromSource(url, shouldBypassMainWorldContentSecurityPolicy)) {
     189            ec = NETWORK_ERR;
     190            return;
     191        }
     192
    186193        Ref<WorkerScriptLoader> scriptLoader = WorkerScriptLoader::create();
    187         scriptLoader->loadSynchronously(scriptExecutionContext(), url, AllowCrossOriginRequests);
     194        scriptLoader->loadSynchronously(scriptExecutionContext(), url, AllowCrossOriginRequests, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective);
    188195
    189196        // If the fetching attempt failed, throw a NETWORK_ERR exception and abort all these steps.
  • trunk/Source/WebCore/workers/WorkerScriptLoader.cpp

    r194428 r196283  
    3030#include "WorkerScriptLoader.h"
    3131
     32#include "ContentSecurityPolicy.h"
    3233#include "ResourceResponse.h"
    3334#include "ScriptExecutionContext.h"
     
    5455}
    5556
    56 void WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy)
     57void WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement)
    5758{
    5859    m_url = url;
     
    6869    options.crossOriginRequestPolicy = crossOriginRequestPolicy;
    6970    options.setSendLoadCallbacks(SendCallbacks);
     71    options.securityOrigin = scriptExecutionContext->securityOrigin();
     72    options.contentSecurityPolicyEnforcement = contentSecurityPolicyEnforcement;
    7073
    7174    WorkerThreadableLoader::loadResourceSynchronously(downcast<WorkerGlobalScope>(scriptExecutionContext), *request, *this, options);
    7275}
    7376   
    74 void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, WorkerScriptLoaderClient* client)
     77void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, WorkerScriptLoaderClient* client)
    7578{
    7679    ASSERT(client);
     
    8689    options.crossOriginRequestPolicy = crossOriginRequestPolicy;
    8790    options.setSendLoadCallbacks(SendCallbacks);
     91    options.securityOrigin = scriptExecutionContext->securityOrigin();
     92    options.contentSecurityPolicyEnforcement = contentSecurityPolicyEnforcement;
    8893
    8994    // During create, callbacks may happen which remove the last reference to this object.
  • trunk/Source/WebCore/workers/WorkerScriptLoader.h

    r177733 r196283  
    5555        }
    5656
    57         void loadSynchronously(ScriptExecutionContext*, const URL&, CrossOriginRequestPolicy);
    58         void loadAsynchronously(ScriptExecutionContext*, const URL&, CrossOriginRequestPolicy, WorkerScriptLoaderClient*);
     57        void loadSynchronously(ScriptExecutionContext*, const URL&, CrossOriginRequestPolicy, ContentSecurityPolicyEnforcement);
     58        void loadAsynchronously(ScriptExecutionContext*, const URL&, CrossOriginRequestPolicy, ContentSecurityPolicyEnforcement, WorkerScriptLoaderClient*);
    5959
    6060        void notifyError();
  • trunk/Source/WebCore/xml/XMLHttpRequest.cpp

    r196242 r196283  
    756756    options.crossOriginRequestPolicy = UseAccessControl;
    757757    options.securityOrigin = securityOrigin();
     758    options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
    758759    options.initiator = cachedResourceRequestInitiators().xmlhttprequest;
    759760
Note: See TracChangeset for help on using the changeset viewer.